After the first vulnerability in Apache Log4j has been found and is discussed on the Internet, some more have been identified. All together, until now three vulnerabilities have been found. They are described in CVE-2021-44288 (resolved in Log4j 2.15), CVE-2021-45046 (resolved in Log4j 2.16), and CVE-2021-45105 (resolved in Log4j 2.17).

Tufin has checked whether Tufin Orchestration Suite is vulnerable or not.
The latest status can be found here: https://forum.tufin.com/support/kc/latest/Content/Suite/CVE-2021-44228.htm?cshid=CVE-2021-44228.
Some official patches are available, i.e. for RTOS 19.3 and above. If you are currently using R19-2 or earlier, please upgrade to a supported version of TOS.

It is recommended to check the latest status (Tufin Portal > Security Advisories) and to subscribe to Tufin's mailing list.
Please check also the Tufin Portal also for additional information.